HP StorageWorks MSA P2000 Hidden 'admin' User Default ...

Trang chủ » Hp San 2050 Default Ip » HP StorageWorks MSA P2000 Hidden 'admin' User Default ...

Có thể bạn quan tâm

  • Tenable
  • Plugins
  • Overview
  • Plugins Pipeline
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • Tenable OT Security Families
  • About Plugin Families
  • Release Notes
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
  • Release Notes
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
Detections
  • Plugins
  • Overview
  • Plugins Pipeline
  • Release Notes
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • Tenable OT Security Families
  • About Plugin Families
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
  • Release Notes
Analytics
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
  1. Plugins
  2. Nessus
  3. 51369
  1. Nessus
HP StorageWorks MSA P2000 Hidden 'admin' User Default Credentials
critical Nessus Plugin ID 51369

Language:

English日本語简体中文繁體中文English
  • Information
  • Dependencies
  • Dependents
  • Changelog

Synopsis

The remote device has an account with default credentials.

Description

The remote device appears to be a HP StorageWorks MSA P2000 series.There is a hidden, undocumented account named 'admin' secured with a default password of '!admin'.A remote attacker can exploit this to gain privileged access to the management interface.

Solution

Use the workaround described in the HP security bulletin SSRT100356.

See Also

https://seclists.org/bugtraq/2010/Dec/102

https://seclists.org/bugtraq/2010/Dec/260

https://www.zerodayinitiative.com/advisories/ZDI-12-015/

http://www.nessus.org/u?08b08d05

Plugin Details

Severity: Critical

ID: 51369

File Name: hp_storageworks_admin_default_creds.nasl

Version: 1.29

Type: remote

Family: Gain a shell remotely

Published: 12/23/2010

Updated: 8/5/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2010-4115

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:hp:storageworks_modular_smart_array

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No exploit is required

Patch Publication Date: 12/16/2010

Vulnerability Publication Date: 12/13/2010

Reference Information

CVE: CVE-2010-4115

BID: 45386

IAVB: 2010-B-0118-S

Secunia: 42583

Từ khóa » Hp San 2050 Default Ip